The Worst Server Infection I’ve Ever Seen

With my day job at SmartData I’ve recently been doing some work for a client, transporting their data from the Microsoft SQL Server that back-ends their desktop application and converting it to a different schema on a different database for a new, web-based application. Because there’s quite a lot of data, the schema are quite different, and the data needs to be converted in a “smart” way: I’ve written a program to help with the task.

My program takes data from our client’s old server and moves it to their new server, making several alterations along the way.

Unfortunately, it’s a slow process to move all of the data over. So, to test my program as I continue to develop it, I thought it might be useful if I could take a copy of the “live” database to somewhere more local (like my computer). This would remove the overhead of going through the Internet each time, and reduce the run time of the program significantly – an important consideration during its ongoing development.

Unfortunately, a quirk in the way that Microsoft SQL Server works is that the backup file I can make (ready to restore onto my computer) doesn’t appear on my computer, but appears on the old server. And I don’t have a means to get files off the old server. Or do I? I have a username and password: I wonder if there are any other services running on the server to which I might have access. To find out, I use a program called Nmap to try to get a picture of what services are running on the server.

The results of running Nmap on the server. That’s a lot of open ports…

And that’s when I realised that something might be wrong. For those of you who aren’t inclined toward understanding the ins and outs of network security, the screenshot above should be considered to be more than a little alarming. There are pretty obvious and clear signs that this computer is infected with Trinoo, NetBus, Back Orifice, and quite probably other malware. It’s almost certainly being used as part of denial of service attacks against other computers, and could well be stealing confidential information from our client’s server and the other computers on their network.
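As an added example, not code from the original post: flagging entries in Nmap grepable (`-oG`) output that match the historical default ports of the three families named above. The scan text is a constructed sample and the port table holds only well-known defaults; Nmap names services by port number unless version detection is used, so a match is a lead to investigate rather than confirmation.

```python
import re

# Historical default ports of the three families named in the post.
# A match on port number alone is a lead, not proof of infection.
LEGACY_BACKDOOR_PORTS = {
    (12345, "tcp"): "NetBus",
    (12346, "tcp"): "NetBus",
    (27665, "tcp"): "Trinoo master (control)",
    (27444, "udp"): "Trinoo daemon (commands from master)",
    (31335, "udp"): "Trinoo master (daemon registration)",
    (31337, "udp"): "Back Orifice",
}

# Constructed sample in Nmap grepable (-oG) format; 192.0.2.10 is a documentation address.
SAMPLE_SCAN = (
    "# Nmap scan (constructed sample)\n"
    "Host: 192.0.2.10 ()\tStatus: Up\n"
    "Host: 192.0.2.10 ()\tPorts: 80/open/tcp//http///, 1433/open/tcp//ms-sql-s///, "
    "12345/open/tcp//netbus///, 27665/open/tcp//Trinoo_Master///, "
    "27444/open|filtered/udp//Trinoo_Bcast///, 31337/open/udp//BackOrifice///, "
    "31335/closed/udp//Trinoo_Register///\n"
)

def flag_backdoor_ports(grepable_text):
    """Return (host, port, proto, family, confidence) for each suspicious port."""
    findings = []
    for line in grepable_text.splitlines():
        m = re.match(r"Host: (\S+) .*?Ports: (.*)", line)
        if not m:
            continue  # comment lines and "Status:" lines carry no port list
        host = m.group(1)
        ports = m.group(2).split("\t")[0]  # drop trailing fields such as "Ignored State"
        for entry in ports.split(","):
            fields = entry.strip().split("/")  # port/state/proto/owner/service/...
            if len(fields) < 3 or not fields[0].isdigit():
                continue
            port, state, proto = int(fields[0]), fields[1], fields[2]
            family = LEGACY_BACKDOOR_PORTS.get((port, proto))
            if family is None or state not in ("open", "open|filtered"):
                continue
            # UDP "open|filtered" only means no reply came back: weak evidence.
            confidence = "open" if state == "open" else "unconfirmed"
            findings.append((host, port, proto, family, confidence))
    return findings

if __name__ == "__main__":
    for finding in flag_backdoor_ports(SAMPLE_SCAN):
        print("%s %d/%s %s [%s]" % finding)
```

Ports flagged this way are best followed up with service/version detection and a host-level check (process-to-port mapping, antivirus scan) before concluding anything.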

How have things gotten so out of control? I’m not sure. I’ve never seen such a rampant runaway set of infections on a server system before. Computers belonging to individuals, especially individuals inclined to installing BonziBuddy, Smiley Central/Cursor Mania, and so on, are often littered with malware, but one would hope that a server administrator might have a little more wisdom than to let unauthorised code run on a server for which they were responsible. At the very least, a Windows-based, Internet-accessible server ought to be running a strict firewall and antivirus software (virtually all antivirus software would have detected all three of the infections I’ve named above).

Just about anybody can get onto the ‘net, these days, and I can just about forgive a regular Jo who says, “I don’t know anything about computers; I just want to play FarmVille.” It’s disappointing when they end up inadvertently helping to send email advertising “$oft C1ALIS tabs” to the rest of us, and it’s upsetting when they get their credit card details stolen by a Nigerian, but it’s not so much their fault as the fault of the complexities they’re expected to understand in order to protect their new computer. But when somebody’s running a service (as our client is paying for, from a third-party company who’s “managing” their server for them), I’d really expect better.

The Bit for the “Regular Jo”

And if you are a “regular Jo” on a Windows PC and you care enough to want to check that you’re part of the solution and not part of the problem, then you might be interested in a variety of free, trusted:

  • Anti-virus software (essential)
  • Adware/spyware removal tools (useful if you routinely install crap downloaded from the web), and
  • Firewall software (essential if you connect “directly” to the Internet, rather than via a “router”, or if you’re ever on networks on which you can’t trust the other network users – e.g. free wi-fi access points, shared Internet connections in student houses, etc.)

Edit: And don’t forget to regularly install your Windows Updates. Thanks to Gareth for the reminder that regular Jos should be encouraged to do this, too.


Thirty – Part Two

Last weekend, I turned thirty. As I described earlier, I had originally planned to write a retrospective summary of what I’d been doing for my life so far (y’know; what’ve I been up to these decades). I wasn’t terribly satisfied with what I’d written, so far, and by the time that the party was over I’d changed my mind completely. So I threw out everything I’d written so far and wrote this, instead.

Part II: The bit that’s different from what I expected to write.

As I said in Part I, I had originally planned to write a long and drawn-out retrospective, looking back on my life. I wanted to try to encapsulate it in some kind of bubble or capture it in some way that condensed it into something concise and manageable. But every time I tried to begin to put down words to express it, it always came out looking cynical and pessimistic. And that doesn’t reflect how my life has been this far: to the contrary, my original plan to write about the last ten years has nestled within it most of the very best years of my life thus far. I took a moment to contemplate my situation: why was I unable to describe this period with the liveliness and joy that it deserves? And then I realised: the reason that I was writing so pessimistically is because – unusually, those who know me will surely agree – I’ve had a somewhat pessimistic view of the world, recently… and this depressing outlook was infecting my words.

This last year and a bit have been hard, for me. Things like this, and this, and this, and this – among other events – have worn me down and made me feel, quite often, that I’m fueled only by nostalgia and that I’ve been struggling to find motivation for the future. Even happy events, like Ruth & JTA’s wedding, have often been an intense emotional rollercoaster ride, full of ups and downs that would be an easy ride under normal conditions but which were each just “one thing too many” when combined with everything else. In short: it’s been a tough year.

The last ten weeks or so have been the worst. Struggling with a variety of different issues and, buried deep in the cold and the dark of a particularly bleak and challenging winter, I’ve periodically found myself a very long way out into the Not OK half of the room.

It’s been particularly unpleasant: not just for me but, I’m sure, for the folks who’ve had to put up with me while I’ve been so irritable and grumpy.

But it’s not all bad. The worst has passed, I think, and things are getting better. I’ve got all the support I could need, and it’s been getting better a little at a time – a little more each day. My birthday, though, was different. It wasn’t a step forward: it was a flying leap! Where I expected to be looking back over the past, I instead found myself looking forwards to the future. And being surrounded by the wonderful (infectious) bounciness and enthusiasm of so many great friends, piled into one place, was incredibly liberating. For the first time in weeks I felt a surge of optimism that persists even now.

I managed to find the time – but not the words – to try to tell some of you who were there how important it was for me that you’d been able to come and make the party a success. I hope that this blog post makes everything clearer.

Thanks to everybody involved for a fantastic party.


Thirty – Part One

Last weekend, I turned thirty. I had originally planned to blog this weekend in a retrospective manner – looking back over the last decade or so of my life: a particularly common theme for the time of year, when we look back over our resolutions and count the years as they pass, and also a common activity suitable for a birthday so (arbitrarily, but apparently appropriately) significant as one’s thirtieth. However, I’ve had a change of heart, for two reasons.

Firstly, but least significantly, the numerical significance of a decade of life truly is arbitrary. This was expressed quite clearly, I think, when Finbar looked at my birthday cake, and, misinterpreting the writing on top of it, said, “You’re… 3D years old?” After a few seconds of mental arithmetic, I replied: “Not for another thirty-one years, I’m afraid.” Unfortunately my joke – based on the implication that my age was being expressed in hexadecimal base – was wasted on those within earshot (Angharad, Ele, and Lee, I think), but still gave me a moment to think: seriously: is the significance of my age really dependent upon the fact that it’s an exact multiple of the (modal – this isn’t quite true for all) number of digits on the uppermost two limbs of a human?

But more importantly, the reason behind my change of heart was primarily because of a shift in my attitude, brought about, I think, as a result of the birthday celebrations. I’ll talk about that in the next blog post. But first, I thought I’d tell you all about the party:

Part I: Surprise! Or: how to organise a surprise party that’s still surprising even though the person being honoured knows it’s happening.

Ruth tried ever so hard to keep my surprise party a surprise. It’s generally hard for her to keep secrets about which she is excited, and she’d become ever so proud of herself for managing to keep her plans under wraps for so long. Unfortunately, there was a miscommunication, and Finbar first heard about the party without being told that it was to be a surprise.

I received a text message from him towards the end of last year:

Hey Dan, I haven’t been watching my inbox and Angharad tells me you’re doing a thing on the 6th for your birth cycle. If we attended, could we pitch a tent behind earth? Happy birth cycle, by the way. Hard to believe you’re already 25.

This caused some confusion. Not only had he gotten the date wrong (a separate misunderstanding), but he was also talking about an event about which I know nothing. I began to compose a response, correcting him and explaining that no, nothing is planned – but perhaps if he and a few other people were free we could get together anyway. As I typed, I quizzed Ruth to see if she knew from where the confusion might have arisen. And so: the truth came out.

A ‘Happy Birthday’ banner in the hallway of Earth.

Nonetheless, the party was a success. Particular highlights (and surprises) included:

  • The attendance of so many people, and from such far-flung corners of the country! I was honestly overwhelmed by the attendance of so many friends at (what felt to me, at my late discovery) such short notice.
  • A beautiful cake produced by Ruth to show a group of Pikmin of various colours crowding around a large object that would require 30 of them to lift it: a wonderful interpretation of the (adorable) Pikmin characters for the medium of a birthday cake.
My birthday cake. With Pikmin on it!
  • Drinking cocktails out of the largest martini glass I’ve ever seen. Seriously: I could easily have drowned in this thing (sorry; no picture – others took some, though, and I’ll add one to this post if somebody can supply one).
  • A mixture of party games both silly (like the Christmas-themed pass-the-parcel which used up a lot of our spare Christmas supplies) and spectacular (like JTA’s clever and complex treasure hunt, which was hampered only by the sheer number of guests involved even after Liz, Suz and I kindly offered to sit on the couch and take managerial roles). Even those games that didn’t get off the ground, like the short-lived game of charades, the on-again-off-again game of Apples To Apples which finally went ahead the following morning, and the ill-conceived fruit-passing game – not suitable for seated players, we now know – that ultimately led to the spillage of lots of booze were fun in their own ways.
  • Discovering new things about old friends (the kinds of things that earn them even more Awesome Points™).
  • The thought and consideration that evidently took place in the minds of my fellow Earthicans, from the kids-party themed food and drink (plus alcohol, naturally) that I know that Ruth and JTA were up far too late preparing, to the blatantly catered-to-me playlist that first appeared on the music collection (thanks, Paul!). Even down to the detail of taking me outside again after everybody had arrived so that I could come in and everybody could shout “Surprise!”, as if I didn’t know (sorry, folks: I knew).
Leading candidates in the ad-hoc ‘best boobies’ competition. I still like Ele’s.
  • Feeling like I was the core of a group of people that varied, over the course of the evening, between one and three parties (which shall be referred to as Party A, Party One, and The Upstairs Party).

Put simply, the party was fantastic. Everybody who came helped to make it awesome by bringing a bit of their own magical selves (or by contributing from afar by ordering the pizza, of course). Thank you all so very much.

The following morning, Matt eats a breakfast of muffins… and milk???

Edit: Part 2 is now online. It’s significantly less jolly, but ultimately optimistic.


Dan Q found GL4ZB04Z WW1 With you in a jiffy lad!

This checkin to GL4ZB04Z WW1 With you in a jiffy lad! reflects a geocaching.com log entry.

Visited with pacifist_049 and first-timer Andrewsean85 on 2nd Jan, but only remembered to get around to logging it twenty days later! A nice little find made a little too-easy by bumping into another group of cachers who were there just before us (no log from them, though, whoever they were…) TFTC.

Dan Q found GL4WWE7T Splash

This checkin to GL4WWE7T Splash reflects a geocaching.com log entry.

Fantastic cache! pacifist049 and I took a look this morning as we happened to be in Preston. A match was due to start this afternoon so we wanted to make sure we were done before then! It took us quite a bit of puzzling to work out what we needed to do, and where, and a few failures in the co-ordinate calculation initially suggested that we were looking for a cache about 8 kilometres away!

Eventually though, we prevailed: once we knew where we were headed it was easy – and the clue makes perfect sense once you’re in the right area! Thanks again for an amazing cache; my first of 2011!